Reading...
Play button
Play button
Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
103 Cards in this Set
- Front
- Back
|
Every Active Directory Forest must have which roles?
|
Domain Naming Master & Schema Master
|
|
|
What are the Domain Wide Operations Master Roles?
|
Relative Identifier (RID), PDC Emulator, Infrastructure Master
|
|
|
What are the three reasons to create multiple domains?
|
1. Meet security requirements 2. Meet Administation requirements 3. Optimize replication traffic
|
|
|
What are the three security settings within the account policies subdirectory of a group policy object in Active Directory?
|
Password policy, Account lockout policy, kerberos policy
|
|
|
Why would you administratively set up multiple domains?
|
For privacy
|
|
|
Why would you set up mulitple domains for replication?
|
Using smaller domains reduces network traffic
|
|
|
What are the Five Predefined Containers within Active Directory?
|
1. Builtin 2. Computers 3. Domain Controller 4. Foreign Security Principals 5. Users
|
|
|
What Predefined container is also an OU?
|
Domain Controllers
|
|
|
What can you delegate in the Delagation of Control Wizard?
|
1. Users or Groups 2. Tasks to Delegate 3. AD Objects Type 4. Permissions
|
|
|
What are the three things to know about trusts?
|
1. Can be created Manually 2. Can be either transitive (not bound by the domains in the trust relationship) or Non-Transitive (bound) 3. Trusts can be one-way or two-way
|
|
|
What is the default protocol in Win 2k3?
|
Kerboros
|
|
|
What is NLTest?
|
It is a command line tool that lists the trusts of the domain of a certain domain controller when you type the following command: nltest/trusted_domains/server:ship-name.navy.mil
|
|
|
What are the four trust relationships in Active Directory?
|
1. Shortcuts 2. External 3. Realm 4. Forest
|
|
|
What is replication used for?
|
Fault Tolerance, Load Balancing, and Proximity
|
|
|
What are the two trade-offs with replication?
|
High replication load vs latency
|
|
|
What changes initiate replication (trigger)?
|
Create, Modify, Move and Delete
|
|
|
What is the component the builds a replication topology when there are multiple domain controllers?
|
Knowledge Consistency Checker
|
|
|
What does the Knowledge Consistency Checker do?
|
It wakes up every 15 minutes to check if there are changes in the selection of domain controllers and it creates shortcuts when additional domain controllers are added.
|
|
|
What does a shortcut connections between domain controllers do?
|
It makes sure that a path between domain controllers is never more than 3 hops (maximum of 45 seconds)
|
|
|
What is Replmon?
|
Forces synchronization between domain controllers
|
|
|
What is Repadmin
|
Forces replication between replication partner.
|
|
|
What are the three restore methods?
|
1. Primary 2. Non-Authoritative 3. Authoritative
|
|
|
What is the primary restore method?
|
Used when restoring the only running server (all others lost).
|
|
|
What is the Non-Authoritative restore method?
|
(Default) Resstores services, receives data from other servers through replication
|
|
|
What is the Authoritative restore method?
|
Restores to the state of the last backup and over writes all changes since backup
|
|
|
What is the default restore method?
|
Non-Authoritative
|
|
|
What utility is used to do an authoritative restore?
|
Ntdutil.exe
|
|
|
What are the Active Directory Tools used to troubleshoot?
|
1. Directory Service Log 2. Netdiag.exe 3. Dcdiag.exe 4. Ntdutil.exe
|
|
|
What is Netdiag.exe
|
It is a command line Network Connectivity Tester. Performs a series of tests and writes results to a text file.
|
|
|
What is Dcdiag.exe
|
It is a command line domain controller diagnostic tool
|
|
|
What is Ntdutil.exe
|
It is a command line Active Directory diagnostic tool
|
|
|
What are the two ways of mangeing master roles?
|
Transferring operations master roles with permission of current owner & Seizing the operational master role without permission
|
|
|
What is convergence?
|
AD is a loosely consistent database. Information in different domain controllers is not necessarily consistent at any given time. However, when there are no changes for a while, the information will tend to be consistent. This is convergence.
|
|
|
What is intrasite?
|
Uses a bidirectional ring and add shortcuts if more than three hops to reduce latency.
|
|
|
What is intersite?
|
Uses bridgehead servers to replicate to and from other sites.
|
|
|
What is Group Scope?
|
It defines how permissions are assigned to group members and how a group can be used across domain boundaries.
|
|
|
What are the 3 Group Scopes?
|
1. Domain Local 2. Global 3. Universal
|
|
|
What is Domain Local?
|
It is used to assign access permissions to global groups for local domain resources.
|
|
|
What is Global Groups?
|
It is used to provide categorized membership in domain local groups for individual security principals or for direct permission assignment.
|
|
|
What is an Universal Group?
|
It is used to grant access to resources in all trusted domains, but universal groups can only be used as a security principal
|
|
|
How many levels of nesting are allowed?
|
No more than 3.
|
|
|
How are the different groups arranged?
|
Top Down… Universal > Global > Local
|
|
|
What are the 3 types of permissions?
|
1. Read 2. Change 3. Full Control
|
|
|
What is an inheritable permission?
|
Change.
|
|
|
What does the performance console include?
|
System Monitor, Performance Logs, and Alerts
|
|
|
What are the 3 configurations of the system monitor?
|
1. Type of Data 2. Source of Data 3. Sampling Intervals
|
|
|
What are the 3 counters of viewing data?
|
1. Memory 2. Physical Disk(_Total) 3. Processor(_Total)
|
|
|
What are the 5 tabs in Task Manager?
|
1. Applications 2. Process 3. Performance 4. Networking 5. User
|
|
|
What is a distribution group?
|
Cannot assign permissions. Only used for email.
|
|
|
What is a security group?
|
It can be assigned permissions and can be used for email.
|
|
|
What command do you use to figure out what group a user belongs to?
|
dsget
|
|
|
How do you identify a hidden share?
|
$
|
|
|
What are the 4 tabs in the shared permissions?
|
1. General 2. Publish 3. Share Permissions 4. Security
|
|
|
What is inheritance?
|
Permissions applied to a folder under its parent folder.
|
|
|
What is the default inheritance in Active directory?
|
Static Inheritance
|
|
|
What is static Inheritance?
|
Copies the permission to the access control list of each appropriate child object.
|
|
|
What are the three logs available in Event Viewer?
|
1. Application 2. System 3. Security
|
|
|
How do you access task manager?
|
CTRL-ALT-DEL or by clicking the bottom of the screen
|
|
|
What are the two ways that you intiate recovery console?
|
Start using the Win 2K3 CD or by selecting it when the server starts?
|
|
|
What are the three types of backups?
|
Full, Incremental and Differential
|
|
|
What is a full backup?
|
Everything is backed up
|
|
|
What is an incremental backup?
|
Selected files with the archive attribute are backed-up and it clears the archival attribute. It only archives files that have been changed since the last backup.
|
|
|
What is a differential backup?
|
Selected files with the archive attribute are backed-up but it does not clear the archival attribute.
|
|
|
What is the backup utility inherent in Win 2K3?
|
ntbackup
|
|
|
What is DHCP?
|
DHCP allows you to automatically assign IP addresses, subnet masks, and other configuration information to client computers on a local network. Implementing a basic DHCP server requires installing the server, authorizing the server, configuring the scopes, exclusions, reservations, and options, activating the scopes, and verifying the configuration.
|
|
|
What is a scope?
|
A scope is a pool of IP addresses within a logical subnet that the DHCP server can assign to clients. Scopes provide the essential means for the server to manage distribution and assignment of IP addresses and of any related configuration parameters to clients on the network.
|
|
|
What is a lease?
|
An IP address within a defined scope that is offered to a client is known as a lease.
|
|
|
How are leases renewed?
|
First, a client automatically attempts to renew its lease after 50 percent of the client lease time. A client also attempts to renew a lease upon restarting. When a DHCP client shuts down and restarts it typically obtains a fresh lease from the same IP address it had prior to the shutdown. Finally, leases are refreshed when you execute the Ipcongif /renew command from a DHCP client computer.
|
|
|
What is a Scope Name Page?
|
This page allows you to assign a name for the scope.
|
|
|
What is an IP Address Range Page?
|
This page allows you to specify the starting and ending IP addresses that define the range of the scope, along with the subnet mask you want to assign the distributed addresses.
|
|
|
What is the Add Exclusion Page?
|
This page allows you to specify the IP addresses within the defined range that you do not want to lease to clients.
|
|
|
What is the Lease Duration Page?
|
This page allows you to define the lease duration values, these lease durations are then assigned to clients.
|
|
|
What is the Configure DHCP Page?
|
This page allows you to determine whether to configure DHCP options for the scope through subsequent pages in the New Scope Wizard or later through the DHCP console.
|
|
|
What is the Router (Default Gateway) Page?
|
This page allows you to specify which default gateway should be assigned to clients.
|
|
|
What is the Domain Name and DNS Server Page?
|
This page allows you to specify both the parent domain to be assigned to client computers and the addresses of DNS servers to be assigned to clients.
|
|
|
What is the WINS Server Page?
|
This page allows you to specify the addresses of WINS servers assigned to the client.
|
|
|
What is the Activate Scope Page?
|
This page allows you to determine whether the scope should be activated after the wizard is completed.
|
|
|
What is dhcploc.exe?
|
This is a command line tool to help identify rogue servers on a domain.
|
|
|
What are the 2 liabilities to using ntbackup.exe?
|
You have to back up to a local device. It cannot be burned directly to DVD or CD.
|
|
|
What do you have to do the have DHCP server to work properly?
|
Authorize it
|
|
|
What is a reservation?
|
A permanent assignment of IP address.
|
|
|
What is the 80/20 rule?
|
Divide the scope addresses between 2 DHCP servers. Using more than one DHCP server on the same subnet provides increased fault tolerance for servicing DHCP clients located on it.
|
|
|
What is ipconfig?
|
Used to get basic host configuration information. IP address, subnet mask, and default gateway.
|
|
|
What is network diagnostics?
|
It is a graphical troubleshooting tool built into Win 2k3 that provides detailed information about the local computer's network configuration.
|
|
|
What is telnet?
|
Used to troubleshoot SMTP by checking whether a TCP port can be opened to a receiving host and whether the receiving host is responsing.
|
|
|
What is Nslookup?
|
Used to query DNS to confirm that DNS is working properly.
|
|
|
What is Ping?
|
It is a command line tool that uses ICMP echo commands to test IP connectivity.
|
|
|
What is ARP?
|
It is a command line utility that is used to manage ARP cache, which is a table that stores IP address/MAC address pairs.
|
|
|
What is Nbtstat?
|
Network basic input/output system (NETBIOS) over TCP/IP (NetBT) resolved NETBIOS names to IP addresses.
|
|
|
What is Netstat?
|
It is a command line utility that is used to display protocol statistics and current TCP/IP connections.
|
|
|
What is Tracert?
|
It is a command line utility that is used to determine the path an IP datagram takes to reach a destination.
|
|
|
What is Pathping?
|
It is a route-tracing tool that combines the features of ping and tracert and gives additional information that neither of those tools provide.
|
|
|
When do you disable an user account?
|
When a user will not need an account for an extended period of time but will need it again.
|
|
|
How do you modify multiple user account simultaneously?
|
By holding down the CTRL key while selecting multiple accounts.
|
|
|
What are the subsets of user properties?
|
General, Account, Address, Profile, and Organization
|
|
|
What is a local profile?
|
Profile based at the local computer and is available at only the local computer. When a user logs on to the client computer he or she always receives his or her individual desktop settings and connections, regardless of how many users share the same client computer.
|
|
|
What is a roaming profile?
|
It is the same as a local profile except that the profile is stored on a network share accessable to the user at login. This makes it available on any computer on the network.
|
|
|
What is a mandatory profile?
|
This kind of profile is helpful in locking down the desktop. It is a read-only roaming profile, based on the server and downloaded to the local computer every time a user logs in.
|
|
|
How do you create a mandatory profile?
|
It is created the same way as you create a personal profile, but with one additional step. After you create the profile and copy it to the target location, change the name of the profile's registry file from Ntuser.dat to Ntuser.man.
|
|
|
What is an user object?
|
It is an account that a user can log in with, a placeholder for informational properties, and security principal
|
|
|
What is a security principal?
|
This means that you can give permission to the user for resources and assign security group membership to the user.
|
|
|
Why use a user object template?
|
Because many users share the same attributes. It saves time and energy.
|
|
|
How do you create a user object template?
|
Simply create a user and populate it with all the common elements and copy the template and fill in with the new user's information.
|
